Aastra remote extension registration problems

Discussion in 'IP Phones' started by chris111, May 19, 2010.

  1. chris111

    Joined:
    Nov 15, 2007
    Messages:
    30
    Likes Received:
    0
    I am having issues connecting Aastra 57i from remote location. All ports are forwarded to Elastix server, xlite connects with no issues. I am running Elastix 1.6

    Here is my tail -f /var/log/messages:

    Code:
    May 18 21:37:36 elastix in.tftpd[13400]: RRQ from 192.168.0.151 filename security.tuz
    May 18 21:37:36 elastix in.tftpd[13400]: sending NAK (1, File not found) to 192.168.0.151
    May 18 21:37:38 elastix in.tftpd[13401]: RRQ from 192.168.0.151 filename security.tuz
    May 18 21:37:38 elastix in.tftpd[13401]: sending NAK (1, File not found) to 192.168.0.151
    May 18 21:37:40 elastix in.tftpd[13402]: RRQ from 192.168.0.151 filename security.tuz
    May 18 21:37:40 elastix in.tftpd[13402]: sending NAK (1, File not found) to 192.168.0.151
    May 18 21:37:42 elastix in.tftpd[13403]: RRQ from 192.168.0.151 filename security.tuz
    May 18 21:37:42 elastix in.tftpd[13403]: sending NAK (1, File not found) to 192.168.0.151
    May 18 21:37:44 elastix in.tftpd[13404]: RRQ from 192.168.0.151 filename security.tuz
    May 18 21:37:44 elastix in.tftpd[13404]: sending NAK (1, File not found) to 192.168.0.151
    May 18 21:37:45 elastix in.tftpd[13405]: RRQ from 192.168.0.151 filename aastra.cfg
    May 18 21:37:47 elastix in.tftpd[13406]: RRQ from 192.168.0.151 filename aastra.cfg
    May 18 21:37:49 elastix in.tftpd[13407]: RRQ from 192.168.0.151 filename aastra.cfg
    May 18 21:37:51 elastix in.tftpd[13408]: RRQ from 192.168.0.151 filename aastra.cfg
    May 18 21:37:53 elastix in.tftpd[13409]: RRQ from 192.168.0.151 filename aastra.cfg
    
    Thank You in advance.

    Chris
     
  2. dicko

    Joined:
    Oct 24, 2008
    Messages:
    4,099
    Likes Received:
    0
    snip

    RRQ from 192.168.0.151 filename aastra.cfg

    so you will send the file to 192.168.0.151 if this device is, as you say, remote, and you have no "tunnel" then it just won't get the file 192.168.n.n can only be "local"(check with tcpdump)


    In other words your network/NAT setup is incorrect.
     
  3. chris111

    Joined:
    Nov 15, 2007
    Messages:
    30
    Likes Received:
    0
    Thanks Dicko,

    This one was over VPN, same occurs remotely except with ISP IP address instead of local.
     
  4. dicko

    Joined:
    Oct 24, 2008
    Messages:
    4,099
    Likes Received:
    0
    tftp runs on udp/69 use tcpdump to watch the conversion.
     
  5. chris111

    Joined:
    Nov 15, 2007
    Messages:
    30
    Likes Received:
    0
    I don't know what I am looking for. I don't see anything relevant at the time of attempted registration.

    Code:
    18:00:00.389114 802.1d config 8000.00:25:64:2e:8b:97.8030 root 8000.00:25:64:2e:64:76 pathcost 4 age 1 max 20 hello 2 fdelay 15
    18:00:01.487681 arp who-has 192.168.0.32 tell 192.168.0.201
    18:00:02.381073 802.1d config 8000.00:25:64:2e:8b:97.8030 root 8000.00:25:64:2e:64:76 pathcost 4 age 1 max 20 hello 2 fdelay 15
    18:00:03.921727 IP 192.168.0.200.nameserver > MICROSOFT-DS.MCAST.NET.nameserver: UDP, length 20
    18:00:04.373020 802.1d config 8000.00:25:64:2e:8b:97.8030 root 8000.00:25:64:2e:64:76 pathcost 4 age 1 max 20 hello 2 fdelay 15
    18:00:06.364982 802.1d config 8000.00:25:64:2e:8b:97.8030 root 8000.00:25:64:2e:64:76 pathcost 4 age 1 max 20 hello 2 fdelay 15
    18:00:08.356939 802.1d config 8000.00:25:64:2e:8b:97.8030 root 8000.00:25:64:2e:64:76 pathcost 4 age 1 max 20 hello 2 fdelay 15
    18:00:10.275607 IP 192.168.0.201.nameserver > MICROSOFT-DS.MCAST.NET.nameserver: UDP, length 16
    18:00:10.348889 802.1d config 8000.00:25:64:2e:8b:97.8030 root 8000.00:25:64:2e:64:76 pathcost 4 age 1 max 20 hello 2 fdelay 15
    18:00:11.249702 IP 192.168.0.37.netbios-dgm > 192.168.0.255.netbios-dgm: NBT UDP PACKET(138)
    18:00:12.340846 802.1d config 8000.00:25:64:2e:8b:97.8030 root 8000.00:25:64:2e:64:76 pathcost 4 age 1 max 20 hello 2 fdelay 15
    18:00:14.332802 802.1d config 8000.00:25:64:2e:8b:97.8030 root 8000.00:25:64:2e:64:76 pathcost 4 age 1 max 20 hello 2 fdelay 15
    18:00:15.040591 IPX 00000000.00:80:91:69:a4:28.0452 > 00000000.ff:ff:ff:ff:ff:ff.0452: ipx-sap-resp AdvertisingPrintServer 'MFP_06923304[|ipx 64]
    18:00:15.784637 00:25:64:2e:8b:c7 (oui Unknown) > 01:80:c2:00:00:0e (oui Unknown), ethertype Unknown (0x88cc), length 60:
            0x0000:  0207 0400 2564 2e8b 9704 0405 6534 3806  ....%d......e48.
            0x0010:  0200 7800 0000 0000 0000 0000 0000 0000  ..x.............
            0x0020:  0000 0000 0000 0000 0000 0000 0000       ..............
    18:00:16.324752 802.1d config 8000.00:25:64:2e:8b:97.8030 root 8000.00:25:64:2e:64:76 pathcost 4 age 1 max 20 hello 2 fdelay 15
    18:00:17.008935 arp who-has 192.168.0.52 tell 192.168.0.71
    18:00:17.032643 arp who-has 192.168.0.52 tell 192.168.0.75
    18:00:17.141340 arp who-has 192.168.0.33 tell 192.168.0.52
    18:00:18.316707 802.1d config 8000.00:25:64:2e:8b:97.8030 root 8000.00:25:64:2e:64:76 pathcost 4 age 1 max 20 hello 2 fdelay 15
    18:00:18.922154 arp who-has 192.168.0.137 tell 192.168.0.200
    18:00:20.308671 802.1d config 8000.00:25:64:2e:8b:97.8030 root 8000.00:25:64:2e:64:76 pathcost 4 age 1 max 20 hello 2 fdelay 15
    18:00:22.300622 802.1d config 8000.00:25:64:2e:8b:97.8030 root 8000.00:25:64:2e:64:76 pathcost 4 age 1 max 20 hello 2 fdelay 15
    18:00:23.460574 IP 192.168.0.76.netbios-dgm > 192.168.0.255.netbios-dgm: NBT UDP PACKET(138)
    18:00:24.292593 802.1d config 8000.00:25:64:2e:8b:97.8030 root 8000.00:25:64:2e:64:76 pathcost 4 age 1 max 20 hello 2 fdelay 15
    18:00:26.284535 802.1d config 8000.00:25:64:2e:8b:97.8030 root 8000.00:25:64:2e:64:76 pathcost 4 age 1 max 20 hello 2 fdelay 15
    18:00:26.320335 IP 192.168.0.135 > 239.255.255.250: igmp v2 report 239.255.255.250
    18:00:26.402472 IP 192.168.0.26 > HP-DEVICE-DISC.MCAST.NET: igmp v2 report HP-DEVICE-DISC.MCAST.NET
    18:00:26.920335 IP 192.168.0.135 > ALL-ROUTERS.MCAST.NET: igmp v2 report ALL-ROUTERS.MCAST.NET
    18:00:27.118675 arp who-has 192.168.0.80 tell 192.168.0.200
    18:00:28.276484 802.1d config 8000.00:25:64:2e:8b:97.8030 root 8000.00:25:64:2e:64:76 pathcost 4 age 1 max 20 hello 2 fdelay 15
    18:00:28.341998 arp who-has 192.168.0.71 tell 192.168.0.201
    18:00:28.984978 arp who-has 192.168.0.137 tell 192.168.0.200
    18:00:30.125480 arp who-has 192.168.0.37 tell 192.168.0.200
    18:00:30.156990 IPX 00000000.00:11:0a:c2:cc:cd.0452 > 00000000.ff:ff:ff:ff:ff:ff.0452: ipx-sap-resp IntelNetport2/HP JetDirect/HP Quicksilver '00110AC2CCCD80D1NPIC2CCCD[|ipx 64]
    18:00:30.268443 802.1d config 8000.00:25:64:2e:8b:97.8030 root 8000.00:25:64:2e:64:76 pathcost 4 age 1 max 20 hello 2 fdelay 15
    18:00:32.260398 802.1d config 8000.00:25:64:2e:8b:97.8030 root 8000.00:25:64:2e:64:76 pathcost 4 age 1 max 20 hello 2 fdelay 15
    18:00:34.252352 802.1d config 8000.00:25:64:2e:8b:97.8030 root 8000.00:25:64:2e:64:76 pathcost 4 age 1 max 20 hello 2 fdelay 15
    18:00:36.244304 802.1d config 8000.00:25:64:2e:8b:97.8030 root 8000.00:25:64:2e:64:76 pathcost 4 age 1 max 20 hello 2 fdelay 15
    18:00:38.236309 802.1d config 8000.00:25:64:2e:8b:97.8030 root 8000.00:25:64:2e:64:76 pathcost 4 age 1 max 20 hello 2 fdelay 15
    18:00:38.985249 arp who-has 192.168.0.137 tell 192.168.0.200
    18:00:40.228214 802.1d config 8000.00:25:64:2e:8b:97.8030 root 8000.00:25:64:2e:64:76 pathcost 4 age 1 max 20 hello 2 fdelay 15
    18:00:42.220170 802.1d config 8000.00:25:64:2e:8b:97.8030 root 8000.00:25:64:2e:64:76 pathcost 4 age 1 max 20 hello 2 fdelay 15
    18:00:43.800959 IP 192.168.0.23.netbios-dgm > 192.168.0.255.netbios-dgm: NBT UDP PACKET(138)
    
    At the same time /var/log/messages:

    Code:
    May 19 18:00:26 elastix in.tftpd[549]: RRQ from 69.xxx.xxx.xxx filename security.tuz
    May 19 18:00:26 elastix in.tftpd[549]: sending NAK (1, File not found) to 69.xxx.xxx.xxx
    May 19 18:00:28 elastix in.tftpd[550]: RRQ from 69.xxx.xxx.xxx filename security.tuz
    May 19 18:00:28 elastix in.tftpd[550]: sending NAK (1, File not found) to 69.xxx.xxx.xxx
    May 19 18:00:29 elastix in.tftpd[551]: RRQ from 69.xxx.xxx.xxx filename aastra.cfg
    
    Thanks for your help, I really appreciate it.
     
  6. dicko

    Joined:
    Oct 24, 2008
    Messages:
    4,099
    Likes Received:
    0
    I suggest you RTFM

    man tcpdump

    maybe then something like

    tcpdump -i ethX -nn -vv port 69 and host <the one your interested in>

    should reduce the "noise" you posted
     
  7. chris111

    Joined:
    Nov 15, 2007
    Messages:
    30
    Likes Received:
    0
    Ok, looks better, I just don't know what to look for exactly :unsure:

    Code:
    tcpdump: listening on eth1, link-type EN10MB (Ethernet), capture size 96 bytes
    18:34:01.667090 IP (tos 0x0, ttl  51, id 6, offset 0, flags [none], proto: UDP (17), length: 49) 67.166.157.162.1024 > 192.168.20.2.69: [udp sum ok]  21 RRQ "security.tuz" octet
    18:34:03.658947 IP (tos 0x0, ttl  51, id 7, offset 0, flags [none], proto: UDP (17), length: 49) 67.166.157.162.1024 > 192.168.20.2.69: [udp sum ok]  21 RRQ "security.tuz" octet
    18:34:05.665957 IP (tos 0x0, ttl  51, id 8, offset 0, flags [none], proto: UDP (17), length: 49) 67.166.157.162.1024 > 192.168.20.2.69: [udp sum ok]  21 RRQ "security.tuz" octet
    18:34:07.672954 IP (tos 0x0, ttl  51, id 9, offset 0, flags [none], proto: UDP (17), length: 49) 67.166.157.162.1024 > 192.168.20.2.69: [udp sum ok]  21 RRQ "security.tuz" octet
    18:34:09.657921 IP (tos 0x0, ttl  51, id 10, offset 0, flags [none], proto: UDP (17), length: 49) 67.166.157.162.1024 > 192.168.20.2.69: [udp sum ok]  21 RRQ "security.tuz" octet
    18:34:10.671656 IP (tos 0x0, ttl  51, id 17, offset 0, flags [none], proto: UDP (17), length: 47) 67.166.157.162.1025 > 192.168.20.2.69: [udp sum ok]  19 RRQ "aastra.cfg" octet
    18:34:12.664991 IP (tos 0x0, ttl  51, id 23, offset 0, flags [none], proto: UDP (17), length: 47) 67.166.157.162.1025 > 192.168.20.2.69: [udp sum ok]  19 RRQ "aastra.cfg" octet
    18:34:14.659013 IP (tos 0x0, ttl  51, id 24, offset 0, flags [none], proto: UDP (17), length: 47) 67.166.157.162.1025 > 192.168.20.2.69: [udp sum ok]  19 RRQ "aastra.cfg" octet
    18:34:16.658026 IP (tos 0x0, ttl  51, id 25, offset 0, flags [none], proto: UDP (17), length: 47) 67.166.157.162.1025 > 192.168.20.2.69: [udp sum ok]  19 RRQ "aastra.cfg" octet
    18:34:18.666044 IP (tos 0x0, ttl  51, id 26, offset 0, flags [none], proto: UDP (17), length: 47) 67.166.157.162.1025 > 192.168.20.2.69: [udp sum ok]  19 RRQ "aastra.cfg" octet
    
     
  8. dicko

    Joined:
    Oct 24, 2008
    Messages:
    4,099
    Likes Received:
    0
    you might want to check the aastra.cfg file for correctness, my guess is you have the wrong tftp server in there.
     
  9. chris111

    Joined:
    Nov 15, 2007
    Messages:
    30
    Likes Received:
    0
    I wonder if it is because I have two NICs on this system, one is data and one voice vlan. Then again, I was watching tcpdump on my data and there was no output so it is hitting the correct one. Here is my aastra.cfg, looks good to me

    Code:
     Aastra default config file for use with XML scripts
    # Generated using setup-aastra-xml
    #
    # Copyright (C) 2009 Aastra Telecom
    #
    
    # Setup DHCP mode
    dhcp: 1
    
    # Setup TFTP server address
    tftp server: 192.168.20.2
    
    #VLAN taggin on
    tagging enabled: 1
    #VLAN Setting for LAN port
    VLAN id: 20
    #VLAN Setting for PC port
    VLAN id port 1: 2
    
    # SIP Proxy/Registrar
    dynamic sip: 1
    sip line1 user name: XXNAXX
    sip line1 proxy ip: 192.168.20.2
    sip line1 registrar ip: 0.0.0.0
    
    # Time server
    time server disabled: 0
    time server1: pool.ntp.org
    time server2: 192.168.20.2
    
    # Time Zone
    time zone name: US-Pacific
    time zone code: PST
    
    # Date and time format
    time format: 0
    date format: 0
    
    # Localization
    tone set: US
    language 1:
    language 2:
    language 3:
    language 4:
    language:
    input language:
    web language:
    
    # Localization XML Scripts
    ask_language:
    ask_tz: 0
    
    # Digit timeout
    sip digit timeout: 6
    
    # Allow XML push
    xml application post list: 192.168.20.2
    xml get timeout: 30
    
    # Startup URI
    action uri startup: http://192.168.20.2/aastra/startup/init.php
    
    # BLF customization
    sip accept out of order requests: 1
    sip blf subscription period: 600
    
    # Unlock keys on 6730i, 6731i anf 6753i
    prgkey1 locked: 0
    prgkey2 locked: 0
    prgkey5 locked: 0
    prgkey6 locked: 0
    
    # Force one key
    softkey1 type: xml
    softkey1 label: Startup
    softkey1 value: http://192.168.20.2/aastra/startup/init.php
    prgkey1 type: xml
    prgkey1 value: http://192.168.20.2/aastra/startup/init.php
    
    
    I am also running dhcp on this system, here is my dhcpd.conf

    Code:
    ddns-update-style interim;
    ignore client-updates;
    
    subnet 192.168.20.0 netmask 255.255.255.0 {
            option routers                  192.168.20.1;
    
    
            option subnet-mask              255.255.255.0;
    #       option nis-domain               "asterisk.local";
    #       option domain-name              "asterisk.local";
    
            option time-offset              -18000; # Eastern Standard Time
            option ntp-servers              192.168.20.2;
            option tftp-server-name         "tftp://192.168.20.2";
    
    
            range dynamic-bootp 192.168.20.100 192.168.20.199;
            default-lease-time 50000;
            max-lease-time 50000;
    }
    
    
     
  10. dicko

    Joined:
    Oct 24, 2008
    Messages:
    4,099
    Likes Received:
    0
    As I "guessed", your phones almost certainly can't reach your tftp server after getting aastra.cfg.

    I think you need to brush-up on how VLAN's and routing work, my understanding from your breadcrumbs is that you have 192.168.20.0/24 assigned as the network on both vlan0 (untagged) and vlan20 (tagged),


    IMHO that's a strange network topology, do you indeed have a properly organized VLAN ?

    do you use a managed switch and multiple network interfaces on the Elastix box" ?

    or does your server have a tagged VLAN20 interface on it (eth0.20) and internal bridging/routing appropriate?

    The phones will reconfigure themselves to VLAN20 on reading aastra.cfg and thus start tagging the traffic appropriately, then ask for the mac file from the server on that VLAN, if you have separate nics (untagged and a managed network) you need to tcpdump that nic, if you use eth0.20 (using 8021q thus tagged) you need to tcpdump -i eth0.20

    dicko

    p.s. for many reasons, I suggest you use VLAN512 for your voice traffic, it will save you effort and possibly headaches in the future, (go ask Cisco :) )
     
  11. chris111

    Joined:
    Nov 15, 2007
    Messages:
    30
    Likes Received:
    0
    Yes, Dell 3524p and eht0 for untagged data 192.168.0.0 and eht1 tagged voice 192.168.20.0

    I did, no output from eht0

    Everything is working great internally, has been over a month. I just cannot provision remotely.

    I have another box with 1 interface I tried to provision to and I have same exact issue. It is something I am doing incorrectly but I do not know what. I am using RV042 in both cases and have same issue.

    For Aastra configuration all I have to input the public IP of the (tftp) configuration server correct? Do I need to open port 80 even though I am not interested in running xml scripts remotely? Is this needed for initial configuration? I have UDP 69 open to that server.

    Thank You very much Dicko, I appreciate your patience
     
  12. dicko

    Joined:
    Oct 24, 2008
    Messages:
    4,099
    Likes Received:
    0
    After it is on the vlan then the tftp traffic will appear (providing you got it right ) on eth1.


    You didn't answer my question as to how you route between 192.168.0.0 and .20

    Your "remote" provisioning require that the VLAN is forwarded (unlikely unless it's YOUR layer 2 network and you know what you are doing) you normally need to keep the remotes in a IP routable network either layer three mostly, or layer two if VLANs, and it's YOUR ethernetwork, no? 192.168.0.0/16 is NOT rout-able except within your interdicts on layer 2.

    Tagged traffic will not go anywhere outside your Ethernet (LAN) unless you intercede

    In other words, turn your VLAN tagging off until you know what you are doing :)

    This is NOT an Elastix problem, it is a networking problem, you can't route ethernet traffic (VLANS included) you can however send it to your networks if you have layer 2 connectivity.

    dicko
     

Share This Page